Hack The Box - Forest Writeup

A writeup for HTB Forest, covering Active Directory enumeration, anonymous LDAP and RPC enumeration, AS-REP roasting, BloodHound analysis, ACL abuse, DCSync, and domain compromise.

June 1, 2026 · 7 min · Max Tse

OffSec Proving Grounds Practice - Resourced Writeup

A writeup for the Resourced lab, covering SMB enumeration, credential discovery, NTDS dumping, WinRM access, BloodHound analysis, and Resource-Based Constrained Delegation.

May 31, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Hutch Writeup

OffSec Proving Grounds Practice - Hutch Writeup This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. Compared with my previous AuthBy writeup, this lab was more focused on Active Directory enumeration and privilege escalation. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions. ...

May 23, 2026 · 10 min · Max Tse